Input validation

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...

CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...

CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...

HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities

The RPM installation of HP Version Control Agent VCA on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL : - An error exists in the 'ssl3readbytes' function that permits data to be injected into other sessions ...

HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)

The RPM installation of HP Version Control Agent VCA on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions...

HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)

The installation of HP Version Control Agent VCA on the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat...

[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04272892 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04272892 Version: 1 HPSBMU03033 rev....

[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent &#40;VCA&#41; and Version Control Repository Manager &#40;VCRM&#41; running OpenSSL on Linux and Windows, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 2 HPSBMU03020 rev....

[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent &#40;VCA&#41; and Version Control Repository Manager &#40;VCRM&#41; running OpenSSL on Linux and Windows, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 1 HPSBMU03020 rev....

KLA10195 LPE vulnerability in HP VCA

Unspecified vulnerability was found in HP VCA. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely by unknown vectors. Original advisories - Related products HP-Version-Control-Agent CVE list CVE-2006-5300 high Solution Update to late...